Enabling authentication for a device with an open web interface when using remote access via the KeenDNS service

Sometimes it may be necessary to remotely access some home network device with an unsecured web interface that does not support login and password authentication.
It is not safe to open remote access with KeenDNS to such devices. For this purpose, the KeeneticOS operating system can enable authentication by Keenetic when accessing such devices remotely.
Information on how to use the KeenDNS service and level 4 domain names can be found in the following article: An example of remote access to home network resources with KeenDNS.

This authentication is enabled through the Keenetic's command-line interface (CLI) with the following commands:

ip http proxy {name} auth — enables authentication, where {name} – the level 4 domain name you specified in the KeenDNS access configuration.

user {name} tag http-proxy — allows user {name} to login to the HTTP proxy (which the Keenetic acts as).

For example, the name 'qnap' is used as the level 4 domain name (qnap.myrouter01.keenetic.pro). We will use the Keenetic administrator account (admin) for authentication. In this case, to enable authentication for remote access to the web interface by Keenetic, you need to execute the following commands:

ip http proxy qnap auth
user admin tag http-proxy
system configuration save — to save the settings


When you open the address qnap.myrouter01.keenetic.pro in your web browser, you will see an authentication window. Only after you enter the username (admin) and the appropriate password will Keenetic forward your request to the device's web interface. In this example, to the QNAP NAS.

You can use this authentication not only for remote access to a home network device with an open web interface but also for devices protected by their own authentication system. In this case, dual authentication to the device will be used, increasing security for remote access.

TIP: Note: Starting with KeeneticOS 3.7, it is now possible to enable authorized access through the router's web interface in the 'Domain name' menu under the 'KeenDNS' tab in the 'Access to web applications running on your network' section. Here is an example of such a setting:

access_settings.png

Have more questions? Submit a request

Comments

0 comments

Please sign in to leave a comment.